America's system of so-called "Fusion Centers" established by the Department of Homeland Security (DHS) for companies like utilities and manufacturers to report incidents that may have national-security implications is operated in a way that's "shoddy, rarely timely," and "sometimes endangering citizens' civil liberties and Privacy Act protections."

Those were the exact words in the report issued last night by the U.S. Senate's Permanent Subcommittee on Investigations that looked into how the roughly 70 state and local Fusion Centers have operated since 2003 when these centers were set up in the hopes of information-sharing between the private sector and government on suspected terrorism or cyberattacks.

According to the report, the DHS overstated "success stories" and kept problems quiet. The Senate subcommittee's review of 13 months of reports that came from the Fusion Centers found none of them uncovered a terrorist threat or did anything to help disrupt an active terrorist plot.

Instead, the investigation says it found that nearly a third of all the Fusion Center reports of that period - 188 out of 610 - were never published for use within DHS and by other members of the intelligence community, "often because they lacked any useful information, or potentially violated department guidelines meant to protect Americans' civil liberties or Privacy Act protections."

The report accuses DHS of storing "troubling intelligence reports" from the Fusion centers on people in the U.S., "possibly in violation of the Privacy Act."

Moreover, the Senate subcommittee says the Fusion Centers, which are in part federally funded, "suffered from a significant backlog." In which sometimes hundreds of draft intelligence reports sat for months before DHS officials made a decision about whether to release them. Many reports were published months late, and even a year after they were filed making the information appear out-of-date. Most reporting was not about terrorist or possible terrorist plots, but about criminal activity related to drugs, cash or human smuggling.

Last year, the role of the Fusion Centers erupted into the mainstream news in a storm of controversy over a supposed Russian cyberattack on a small Illinois water utility that was included in an advisory from the Fusion center called the Illinois Statewide Terrorism and Intelligence Center.

Though the Fusion Centers strive for absolute silence from anyone receiving the reports, that alleged Russian cyberattack information was initially leaked by a consultant in a blog who had happened to have read it as it was passed along to him. That whole incident at the Illinois water utility turned out to be a false alarm of embarrassing proportions. The supposed Russian cyberattack turned out to be a legitimate contractor who happened to be on vacation in Russia with his family who unwisely logged into the Illinois utility's network from there without informing the utility.

The Senate subcommittee report also criticized some purchases made at Fusion Centers using DHS grant funds, noting that buying "dozens of flat-screen TVs" and "sport utility vehicles" which were given away to other agencies seemed to be unrelated to the mission of a Fusion Center, though DHS said they were allowed.

The Senate report also said interviews directly with some DHS officials did lead to admissions from them that a lot of the reporting was "predominantly useless information" and "what a bunch of crap is coming through."

The Senate report faulted the Fusion Center system for weak training before sending individuals to handle sensitive domestic intelligence and also that officials who routinely authored useful or potentially illegal Fusion Center intelligence reports faced no reprimands.

According to the report, DHS was unable to provide an accurate tally of how it actually granted to states and cities to support Fusion Centers, though came up with estimates that ranged from $289 to $1.4 billion from 2003 to 2011.

The Senate subcommittee report which also pointed out Congress has to accept its responsibility for the weak system of Fusion Centers and dubious intelligence reporting recommended that Congress and DHS look afresh at the basis for the Fusion Centers in light of the investigation into it.

Latest Videos

Hear from Invictus Games Sydney 2019 CEO, Patrick Kidd OBE and Head of Technology, @James-d-smith -share their insights on how they partnered with Unisys to protect critical data over an open, public WiFi solution.

With so much change all the time, how can executives best prepare their businesses to meet the security challenges of the coming years? CSO Australia, in conjunction with Mimecast, explored this question in an interactive Webinar that looks at how the threat landscape has evolved – and what we can expect in 2019 and beyond.

According to new research conducted by the Ponemon Institute, Australia and New Zealand have the highest levels of data breaches out of the nine countries investigated. This was linked to heavy investment in security detection and an under-investment in security and vulnerability response capabilities

Copyright 2019 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.